Setting up site-to-site on Netgear BR500 router

Note: If your device/service supports SHA256 and DH group 14, it is recommended to use these settings instead.

Configuring the tunnel on the Netgear Management Interface

1. Open the Netgear management interface

2. In the left panel, select Security, then select IPSec VPN

3. Select the Add to create a new profile

4. Fill in the following information:

• Policy Name: Create the name of your own choice.
• Mode: Net-2-Net
• Remote Gateway IP: Enter the IP address of your NordLayer dedicated server.
• Local Subnet and Local Mask: Enter your LAN subnet and subnet mask.
• Remote Subnet: Enter 10.6.0.0
• Remote Mask: 255.255.240.0

5. Generate a pre-shared key (we will also need this value on our end) and choose IKEv2

6. At the Advanced Settings fill in the following information:

• Phase 1 Proposal: sha1-aes256-dh5 (sha256-aes256-dh14 highly recommended)
• Exchange Mode: main
• Negotiation Mode: Initiator
• Phase 1 SA Lifetime: 3600 seconds

• DPD: Enable
• DPD Interval: 10 seconds
• Encapsulation Mode: Tunnel Mode
• Proposal (Phase 2): esp-sha1-aes256 (esp-sha256-aes256 highly recommended)
• SA Lifetime (Phase 2): 28800 seconds

Ending note:

In order to finalize the site-to-site setup on our end, please provide these values via Site-to-site request from in the NordLayer Control Panel:

• Pre-shared key - you can generate it or we can provide it
• Encryption  details (AES, SHA and DH group) - AES256, SHA256 and DH group 14 are recommended (also must support IKEv2)
• Remote gateway/router public IP (must be reachable while connected to the dedicated server)
• Remote subnet and mask (the subnet is used in your local network)

Note: In case you are experiencing different results, make sure that you have you carefully gone through all the steps. Having said that, in case the issue persists please feel free to contact our 24/7 customer support team.